Management apparatus and method for controlling management apparatus

ABSTRACT

A device management apparatus sets a first password required to reflect a security policy managed by the device management apparatus on a device or change the security policy in a device, generates distribution data including the security policy and the set first password, and distributes the generated distribution data to a selected device.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.14/793,555 filed Jul. 7, 2015, which claims the benefit of JapanesePatent Application No. 2014-142725, filed Jul. 10, 2014, the disclosuresof each of which are hereby incorporated by reference herein in theirentirety.

BACKGROUND OF THE INVENTION Field of the Invention

The present invention relates to a technique for distributing settinginformation for security (a security policy) to a device via a network.

Description of the Related Art

Conventionally, there is a technique for distributing settinginformation to a device existing on a network, such as an image formingapparatus. The setting information includes information about a user whouses the device, address book information, and setting values of anapplication that operates on the device.

For example, Japanese Patent Application Laid-Open No. 2013-243488discusses a technique in which, when a device is replaced with anotherdevice, a management apparatus distributes part of setting informationacquired from the device before replacement to the device afterreplacement.

In recent years, there has also been a need to make settings for varioustypes of devices according to security guidelines based on a networkenvironment and the operation of an office. Generally, the settingsregarding security guidelines are termed a security policy.

A security policy is settings used to ensure security. If devices in thesame organization use different security policies, a security hole mayoccur. Thus, it is considered desirable to collectively distribute asecurity policy to all devices on a network to reflect the settings forthe security policy in all the devices.

The security policy, however, is not mere settings assumed in JapanesePatent Application Laid-Open No. 2013-243488, but serves asorganizational security guidelines. Thus, if the security policy can bechanged in each device after the distribution, this becomes a majorproblem. Thus, there is a need for a mechanism capable of distributing asecurity policy on a network by employing a management system differentfrom that of normal setting information and also taking convenience intoaccount.

SUMMARY OF THE INVENTION

The present invention is directed to a mechanism capable of safelymanaging a security policy to prevent an inadvertent change to thesecurity policy, and collectively distributing the security policy to aplurality of devices on a network to reflect the security policytherein.

According to an aspect of the present invention, a management apparatusfor managing a device capable of communicating on a network includes afirst management unit configured to manage a security policy indicatinga setting value of a setting item for security for a device, a selectionunit configured to select a device to which the managed security policyis to be distributed, a setting unit configured to set a first passwordrequired to reflect the security policy on the selected device or changethe security policy in the selected device, a generation unit configuredto generate distribution data including the security policy and the setfirst password, and a distribution unit configured to distribute thegenerated distribution data to the selected device.

Further features of the present invention will become apparent from thefollowing description of exemplary embodiments with reference to theattached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram illustrating a configuration example of a networksystem according to a first exemplary embodiment of the presentinvention.

FIG. 2 is a diagram illustrating an example of a hardware configurationof a management apparatus.

FIG. 3 is a diagram illustrating an example of a hardware configurationof a device.

FIG. 4 is a diagram illustrating an example of a module configuration ofsoftware of the management apparatus.

FIGS. 5A and 5B each illustrate an example of an operation screen for asecurity policy, which is provided by a device.

FIGS. 6A and 6B each illustrate an example of an operation screen of adevice in which a security policy is reflected.

FIG. 7 illustrates an example of a screen for setting a security policy,which is provided by the management apparatus.

FIG. 8 is a flowchart illustrating processing in which the managementapparatus distributes setting information to devices.

FIG. 9 illustrates an example of a screen for selecting a securitypolicy.

FIG. 10 illustrates an example of a screen for selecting a device as adistribution target.

FIGS. 11A and 11B each illustrate an example of a screen for receivingan entry of a policy password.

FIGS. 12A and 12B each illustrate an example of setting information tobe distributed to a device by the management apparatus.

FIG. 13 illustrates an example of setting contents of a security policy.

FIG. 14 is a flowchart illustrating processing in which the managementapparatus exports setting information.

FIG. 15 illustrates an example of a screen for entering various piecesof information required for the export.

FIG. 16 is a diagram illustrating an example of a module configurationof software of each device.

FIG. 17 is a flowchart illustrating processing in which each devicereceives setting information.

FIG. 18 illustrates an example of contents of a device informationdatabase managed by the management apparatus.

FIG. 19 is a flowchart illustrating processing in which a managementapparatus acquires setting information from a device according to asecond exemplary embodiment.

FIG. 20 illustrates an example of setting information to be acquired bythe management apparatus according to the second exemplary embodiment.

FIG. 21 illustrates security policies managed by a setting informationdatabase according to the second exemplary embodiment.

FIG. 22 is a flowchart illustrating processing in which the managementapparatus distributes setting information to devices according to thesecond exemplary embodiment.

FIG. 23 illustrates an example of a screen for receiving an entry of apolicy password according to the second exemplary embodiment.

DESCRIPTION OF THE EMBODIMENTS

Various exemplary embodiments of the present invention will be describedin detail below with reference to the drawings.

FIG. 1 illustrates a network system according to a first exemplaryembodiment of the present invention. In this system, a managementapparatus 101, which manages devices on a network, operates.

Devices 102, 103, and 104 are present on the network such as a localarea network (LAN) 100, and are targets to be managed by the managementapparatus 101. Examples of the devices 102, 103, and 104 include imageforming apparatuses such as printers, copying machines, scanners, andcameras, smartphones, and tablets.

FIG. 2 is a diagram illustrating an example of a hardware configurationof the management apparatus 101. In the present exemplary embodiment,the management apparatus 101 can be achieved using a general personalcomputer (PC).

A hard disk drive (HDD) 212 stores a program of device managementsoftware according to the present exemplary embodiment. The devicemanagement software is the main operating unit in all the followingdescriptions. A central processing unit (CPU) 201 is the main unit forexecution on hardware in all the following descriptions unless otherwisespecified. On the other hand, as described above, the device managementsoftware (program) stored in the hard disk drive (HDD) 212 is the mainunit for control on software. That is, the CPU 201 reads and executesthe device management program recorded in a computer-readable manner inthe HDD 212, to implement the functions of the management apparatus 101to be described below. A read-only memory (ROM) 202 stores BasicInput/Output System (BIOS) and a boot program. A random-access memory(RAM) 203 functions as a main memory or a work area for the CPU 201. Akeyboard controller (KBC) 205 controls an instruction input from akeyboard (KB) 209 or a pointing device (PD) 210. A display controller(DSPC) 206 controls the display of a display (DSP) 211. A diskcontroller (DKC) 207 controls access to a storage device such as thehard disk drive (HDD) 212 or a Compact Disc Read-Only Memory (CD-ROM)(CD) 213. The hard disk drive (HDD) 212 or the CD-ROM (CD) 213 stores aboot program, an operating system (OS), a database, the devicemanagement program, and data of these. An interface controller (IFC) 208transmits and receives information to and from another network devicevia the LAN 100. It does not matter whether the connection to thenetwork is wired or wireless. These components are placed on a systembus 204.

Further, in the present exemplary embodiment, the OS is assumed to be,for example, Windows (registered trademark) manufactured by MicrosoftCorporation, but is not limited to this.

FIG. 3 is a diagram illustrating an internal configuration of each ofthe devices 102, 103, and 104. FIG. 3 illustrates an image formingapparatus 300 having a print function, a scan function, and a networkcommunication function as an example of the devices 102, 103, and 104.

A CPU 301 controls the entire image forming apparatus 300. A ROM 302stores a print processing program to be executed by the CPU 301 and fontdata. A RAM 303 is used as a work area or a reception buffer for the CPU301, or used by the CPU 301 to render an image. An HDD 304 recordssetting values of the image forming apparatus 300. An operation panel305 includes various switches and buttons, a touch panel, and a liquidcrystal display unit for displaying a message. On the operation panel305, a user can operate the above setting values of the image formingapparatus 300. A network interface 306 is used to connect to thenetwork. A printer engine 307 performs printing on a recording sheet. Ascanner 308 is used to read a document. A facsimile communication unit309 is used to transmit and receive a facsimile.

FIG. 4 is a diagram illustrating an example of a module configurationachieved by executing device management software 400, which operates onthe management apparatus 101. As described above, the device managementsoftware 400 is read from the HDD 212 and executed by the CPU 201.

A user interface (UI) control unit 401 provides a graphical userinterface (GUI) for receiving an operation performed by an administratorof the devices 102, 103, and 104. The GUI is configured to be displayedon the display 211, which is provided in the management apparatus 101.Alternatively, the GUI can also be configured as a web application thatcan be used on another client PC, using the Hypertext Transfer Protocol(HTTP). In this case, the administrator performs an operation throughthe GUI displayed in a web browser of the client PC.

A device management unit 402 searches for a device connected to the LAN100, via a search unit 406. The search for a device by the search unit406 can be achieved by transmitting a search request packet such as aService Location Protocol (SLP) packet or a Simple Network ManagementProtocol (SNMP) packet. The device management unit 402 can also acquire,via a communication unit 407, device information indicating the details(the device name, the model name, the serial number, the ability, andthe state) of a device found in the search by the search unit 406.Further, the device management unit 402 stores and manages, in a deviceinformation database 409, address information (the Internet Protocol(IP) address, the media access control (MAC) address, and GlobalPositioning System (GPS) information) of the device and the deviceinformation acquired from the device. The information registered in thedevice information database 409 can also be viewed in the form of adevice list by the user through the UI control unit 401.

A setting information management unit 403 instructs a settinginformation acquisition unit 404 to acquire setting information from thedevice via the communication unit 407 and stores the setting informationin a setting information database 408. The setting information stored inthe setting information database 408 can also be viewed by the userthrough the UI control unit 401. Further, the setting informationmanagement unit 403 can perform control so that the setting informationstored in the setting information database 408 is distributed to thedevice via the setting information distribution unit 405. Settinginformation acquired from another management apparatus other than thedevice and setting information imported as a file by the administratormanually operating the device management unit 402 can also be stored andmanaged in the setting information database 408. The setting informationdistribution unit 405 distributes the setting information to the devicevia the communication unit 407.

At this time, in the present exemplary embodiment, the settinginformation acquisition unit 404 and the setting informationdistribution unit 405 achieve the acquisition and distribution of thesetting information of the device by a web service using the HTTP andthe Simple Object Access Protocol (SOAP) via the communication unit 407.The acquisition and distribution of the setting information of thedevice may be achieved using another communication protocol.

Further, the configuration can be such that when acquiring the settinginformation, the setting information acquisition unit 404 acquires onlythe setting value of a setting item determined in advance. Further, theconfiguration can be such that the setting information acquisition unit404 acquires the setting value of a setting item selected by the userthrough the UI control unit 401. Similarly, the configuration can besuch that when distributing the setting information, the settinginformation distribution unit 405 distributes the setting value of apredetermined setting item or a setting item selected by the user.

FIGS. 5A and 5B illustrate examples of operation screens for a securitypolicy, which are provided by each of the devices 102, 103, and 104. Asecurity policy setting screen of the device can be displayed on theoperation panel 305 of the device or displayed by accessing a web server(not illustrated) of the device, using a web browser of a PC such as themanagement apparatus 101.

FIG. 5A illustrates a screen for confirming a security policy. In FIG.5A, the current security policy is displayed on the screen. The policyversion illustrated in FIG. 5A is version information corresponding tothe contents of the security policy. Security policies in differentpolicy versions have different settable items. Further, in FIG. 5A, thescreen prompts the user to enter a password for changing the securitypolicy. In the present exemplary embodiment, this password is referredto as a “policy password”. Unlike a login password used for loginprocessing for performing a normal operation on the device, the policypassword is a dedicated password used only to change the securitypolicy. That is, even if the user can log into the device and operatethe device, the user cannot change the security policy unless the userknows the policy password.

FIG. 5B illustrates an example of a screen for setting the securitypolicy, which is displayed when a correct policy password has beenentered on the screen illustrated in FIG. 5A. On the screen illustratedin FIG. 5B, it is possible to change the setting values of various itemsfor the security policy defined as a policy version 1.00. The userprovides an input for enabling or disabling the items illustrated inFIG. 5B and then presses an “OK” button, so that a change to the settingvalues is reflected.

FIGS. 6A and 6B illustrate examples of an operation screen on theoperation panel 305 of the device.

In the operation screen illustrated in FIGS. 6A and 6B, the securitypolicy illustrated in FIGS. 5A and 5B is reflected. In the examples ofFIGS. 5A and 5B, the security policy prohibits the transmission of afacsimile (FAX) and the use of a Universal Serial Bus (USB) interface.Thus, in FIG. 6A, menus for operations relating to “scan and transmitFAX” and “USB memory” are disabled so that the user cannot operate thesemenus. If the user selects such a disabled menu, a message indicatingthat the selected function cannot be executed due to the security policymay be displayed, as illustrated in FIG. 6B. In the security policy,there are setting items for restricting the functions of transmittingdata to the outside through FAX and electronic mail, and the functionsof interface portions such as the USB interface and a panel portion.Additionally, there may also be a setting item for restricting thefunction of authenticating the device.

FIG. 7 illustrates an example of a screen for setting a security policy,which is provided by the management apparatus 101.

On the screen illustrated in FIG. 7, unlike the screens illustrated inFIGS. 5A and 5B, it is possible to further specify a policy name and apolicy version. There is a case where the management apparatus 101manages a plurality of security policies so that each of the policiescorresponds to a single department or organization. Thus, the managementapparatus 101 manages policy names to identify the respective securitypolicies.

It is possible to newly create or edit a security policy using thesetting screen of the management apparatus 101 illustrated in FIG. 7.Further, it is possible to create a new security policy by importing anexported setting file, which will be described later with reference toFIG. 14, into the device management software 400.

FIG. 8 is a flowchart illustrating processing in which the managementapparatus 101 distributes setting information to the devices 102 to 104.The processing illustrated in the flowchart in FIG. 8 is achieved byexecuting the device management software 400 of the management apparatus101.

In step S801, the setting information distribution unit 405 performsprocessing for selecting a security policy to be distributed. Morespecifically, first, the setting information distribution unit 405acquires a list of security policies from the setting informationdatabase 408 via the setting information management unit 403. Then, theUI control unit 401 displays the acquired list of security policiesusing a GUI (see FIG. 9) and receives selection by the user.

FIG. 9 illustrates an example of a screen for selecting a securitypolicy, which is displayed in step S801. A list of security policiesillustrated in FIG. 9 includes, for example, two security policieshaving the policy names “public space” and “head office department”.Further, information such as the policy version and the last update dateand time of each security policy is also displayed. It is possible toselect only one of the security policies on this screen. In the exampleof FIG. 9, the security policy “public space” is selected using a radiobutton.

In step S802, the setting information distribution unit 405 performsprocessing for selecting a device as a distribution target to which thesecurity policy is to be distributed. More specifically, first, thesetting information distribution unit 405 acquires a list of devicesfrom the device information database 409 via the setting informationmanagement unit 403. Then, the UI control unit 401 displays the acquiredlist of devices using a GUI (see FIG. 10) and receives selection by theuser. The user is assumed to be an administrator in charge of themaintenance and asset management of network devices, or a policyadministrator who manages the policies of an organization.

FIG. 10 illustrates an example of a screen for selecting a device, whichis displayed in step S802. A list of devices illustrated in FIG. 10includes three devices having the device names “device A”, “device B”,and “device C”. Further, in addition to the policy version supported byeach device, device information such as the model name and theinstallation location of the device is also displayed on this screen. Itis possible to select one or more of the devices as distribution targetsto which the security policy is to be distributed. In the example ofFIG. 10, the device A and the device B are selected as the distributiontargets.

The devices listed in FIG. 10 may be narrowed down to only devices towhich the security policy selected in step S801 can be distributed. Thedetermination of whether the security policy can be distributed is madeby comparing the policy version of the security policy selected in stepS801 with the policy version supported by each device stored in thedevice information database 409. In the example of FIG. 10, it isassumed that the security policy has backward compatibility. Thus, for apolicy version V1.00 of the security policy “public space” to bedistributed, devices that support the policy version V1.00 or later aredisplayed in the list of devices. That is, a device that only supports apolicy version V0.50 or earlier is not displayed in the list, whereasthe device B, which supports a policy version V1.10, is included anddisplayed in the list.

In step S803, the setting information distribution unit 405 confirmswhether the security policy has been distributed to all the devicesselected in step S802. If the distribution of the security policy to allthe devices is completed (YES in step S803), this distributionprocessing is ended. If there are devices to which the security policyhas not been distributed (NO in step S803), the processes of step S804and thereafter are performed on one of the devices as a processingtarget device.

In step S804, the setting information distribution unit 405 confirms,via the setting information management unit 403, whether policy passwordinformation of the target device is present in the device informationdatabase 409. If a policy password for the target device is present inthe device information database 409 (YES in step S804), the processingproceeds to step S805. If a policy password for the target device is notpresent in the device information database 409 (NO in step S804), theprocessing proceeds to step S806. In step S805, the setting informationdistribution unit 405 reads and acquires the policy password informationof the target device from the device information database 409 via thesetting information management unit 403.

In step S806, the setting information distribution unit 405 receives anentry of a policy password for the security policy to be distributed tothe target device. In this case, as illustrated in FIGS. 11A and 11B,the UI control unit 401 displays a setting screen using a GUI andreceives an entry from the user. FIG. 11A illustrates a setting screenfor receiving an entry of a policy password from the user. If a policypassword has been acquired in step S805, the setting screen is displayedin a state where the acquired policy password has already been entered.The user can further edit the policy password.

In step S807, the setting information distribution unit 405 stores thepolicy password received in step S806, as device information about thedevice, in the device information database 409 via the settinginformation management unit 403. In step S808, the setting informationdistribution unit 405 generates setting information as distribution databased on the security policy selected in step S801 and the policypassword set in steps S805 to S807. In step S809, the settinginformation distribution unit 405 distributes the setting informationgenerated in step S808 to the target device via the communication unit407.

In the processing illustrated in FIG. 8, the distribution processing isperformed by individually setting a policy password for each of theplurality of devices serving as the distribution targets and thengenerating setting information. However, it is also possible tocollectively perform the distribution processing by setting policypasswords at a time for all the devices selected in step S802 and thengenerating setting information. More specifically, in step S806, asillustrated in FIG. 11B, a screen for receiving entries of policypasswords for all the selected distribution target devices is provided.

In FIG. 11B, a text box for the device A is blank. This is because thesecurity policy has not been distributed to the device A before, andtherefore a policy password for the device A is not stored in the deviceinformation database 409. On the other hand, a policy password hasalready been entered in a text box for the device B. This is because apolicy password used when the security policy was distributed to thedevice B in the past is stored in the device information database 409.This screen allows policy passwords for a plurality of devices to beentered. Thus, in the processes of steps S807 to S809, it is possible todistribute setting information to the plurality of devices.

In the screen illustrated in FIG. 11B, an instruction unit for, if apolicy password has been entered into any one of the text boxes,collectively setting the same policy password for the other devices maybe further provided. This can facilitate collectively setting the samepolicy password for a plurality of devices.

FIG. 18 illustrates the contents included in the device informationdatabase 409 managed by the management apparatus 101. The deviceinformation database 409 includes identification information, securitypolicy version information, and policy password information of eachdevice.

More specifically, as device information, information acquired by thedevice management unit 402, such as the device name and the serialnumber of each device and the policy version supported by the device, isstored. Further, there is also an area for holding a policy password foreach device.

In step S804 described above, it is confirmed whether a policy passwordfor the target device of interest is present in the device informationdatabase 409. Further, in step S807 described above, the policy passwordentered by the user on the screen illustrated in FIG. 11A or 11B isstored in the device information database 409.

FIGS. 12A and 12B illustrate examples of the setting information to bedistributed to the device by the management apparatus 101 in step S809.These pieces of setting information are described in the ExtensibleMarkup Language (XML). Further, these pieces of setting information areexamples of pieces of setting information to be distributed in a casewhere the security policy having the name “public space” illustrated inFIGS. 9 and 10 is distributed to two devices having the names “device A”and “device B”.

FIG. 12A is an example of setting information that is generated usingthe security policy having the policy name “public space” and is to bedistributed to the “device A”.

An element 1201 represents the settings for the security policy. Theelement 1201 includes, as attributes, identification information (ID)for the management apparatus 101 to identify the security policy, thepolicy version, and the policy name. An element 1202 represents a policypassword and holds a password required to apply the settings for thesecurity policy to the device A. An element 1203 represents the settingcontents of the security policy and includes a plurality of childelements (Item tags). A single Item tag corresponds to a single policyitem and has, as an attribute, identification information (ID) foridentifying the item. The values “true” and “false” indicate whethereach policy item is to be enabled.

FIG. 12B is an example of setting information that is generated usingthe security policy having the policy name “public space” and is to bedistributed to the “device B”. An element 1204, which represents apolicy password, is different from the element 1202 illustrated in FIG.12A.

In the examples of FIGS. 12A and 12B, different passwords are set in theelements 1202 and 1204. If, however, the same policy password is set forthe devices A and B, the passwords in the elements 1202 and 1204 arealso the same.

The setting information illustrated in FIGS. 12A and 12B can furtherinclude setting information (not illustrated) other than that of thesecurity policy. For example, in step S808 described above, the settinginformation distribution unit 405 further inquires of the user aboutwhether another piece of setting information is also to be distributed.Then, if the user has provided an input indicating that another piece ofsetting information is also to be distributed, the UI control unit 401displays a screen for further adding setting information to bedistributed, using a GUI. At this time, examples of the settinginformation to be added include setting information that is not muchrelated to security, such as address book information and userinformation. The additional setting information is not restricted by apolicy password as described above. That is, if the user attempts tofurther change the additional setting information on an operation screenof the device, the device does not request an entry of a policy passwordas illustrated in FIG. 5A.

FIG. 13 illustrates an example of the setting contents of a securitypolicy that can be held by the management apparatus 101 and the devices102 to 104.

The management apparatus 101 manages a plurality of security policies asillustrated in FIG. 9. More particularly, the management apparatus 101manages the setting contents of each security policy as illustrated inFIG. 13. If this security policy has been distributed and applied assetting information to the devices 102 to 104, then accordingly,functions are restricted as illustrated in FIGS. 6A and 6B. The settingscreens illustrated in FIGS. 5A and 5B are also screens for setting asecurity policy for the device, which has the setting contentsillustrated in FIG. 13. In the example of FIG. 13, an item having thesetting value “true” indicates that the corresponding policy is enabled.For example, a policy item ID “10001” is enabled, and therefore theuser's use of the function for transmitting a FAX is restricted in thedevice.

The screens for setting a security policy that are displayed on themanagement apparatus 101 and the devices 102 to 104 may be differentdepending on the policy versions supported by the management apparatus101 and the devices 102 to 104. For example, the setting informationillustrated in FIGS. 12A and 12B includes the security policy in thepolicy version V1.00. Then, on the screen for setting a security policythat is provided by a device that supports the policy version V1.00,only setting items included in the security policy in the policy versionV1.00 are displayed. On the other hand, in the case of a device thatsupports a later version such as the policy version V1.10, even if thesecurity policy in the policy version V1.00 is applied to the device, alarger number of setting items may be displayed on the setting screen.This is because the number of setting items for security has increaseddue to a version upgrade of the security policy. Thus, if a securitypolicy in a version earlier than a later policy version supported by adevice is applied to the device, the setting values of only items thatmatch the applied security policy are reflected.

FIG. 14 is a flowchart illustrating processing in which the managementapparatus 101 exports setting information as a file to a file system.This processing is also achieved by the management apparatus 101executing the device management software 400.

At this time, the contents of the setting information to be exported asa file are in an XML format, similarly to the setting informationillustrated in FIGS. 12A and 12B. The setting information, however,includes information that should be treated with confidentiality, suchas a policy password and policy settings. Thus, the setting informationis encrypted with a password different from the policy password. In thepresent exemplary embodiment, this password is referred to as an“encryption password” and treated in distinction from a policy password.

First, in step S1401, the setting information distribution unit 405performs processing for selecting a security policy to be exported. Morespecifically, first, the setting information distribution unit 405acquires a list of security policies from the setting informationdatabase 408 via the setting information management unit 403. Then, theUI control unit 401 displays the acquired list of security policiesusing a GUI and receives selection by the user.

In step S1402, the setting information distribution unit 405 receives anentry of a policy password for applying the security policy. At thistime, the setting information distribution unit 405 receives an entry ofa policy password from the user, using a GUI (see FIG. 15) displayed bythe UI control unit 401. In step S1403, the setting informationdistribution unit 405 receives an entry of an encryption password forencrypting setting information. At this time, the setting informationdistribution unit 405 further receives an entry of an encryptionpassword from the user, using the above-described GUI (see FIG. 15). Instep S1404, the setting information distribution unit 405 receives anentry of a file path as the file output destination of the settinginformation. At this time, the setting information distribution unit 405further receives an entry of a file path from the user, using theabove-described GUI (see FIG. 15).

In step S1405, the setting information distribution unit 405 generatessetting information using the security policy and the policy passwordobtained in steps S1401 and S1402. In step S1406, the settinginformation distribution unit 405 encrypts the generated settinginformation and outputs the encrypted setting information to the filepath set in step S1404, thereby exporting the setting information. Atthis time, the exported file is to be decrypted using the encryptionpassword set in step S1403.

FIG. 15 illustrates an example of a screen for entering various piecesof information required for the export processing illustrated in FIG.14. More specifically, the screen illustrated in FIG. 15 prompts theuser to enter a policy password, an encryption password, and the filepath of the output destination.

FIG. 16 is a diagram illustrating an example of a module configurationof software of each of the devices 102, 103, and 104. Particularly, adescription is given here of components related to software required tomanage setting information and a security policy according to thepresent exemplary embodiment.

A policy management unit 1601 controls restrictions on various functionsof the device according to the settings for a security policy stored ina setting information database 1605.

An analysis unit 1602 analyzes setting information received from themanagement apparatus 101 via a communication unit 1604. The analysisunit 1602 determines whether a policy password included in the receivedsetting information matches a policy password stored in the settinginformation database 1605. Only if the policy passwords are determinedto match, the analysis unit 1602 updates the settings for a securitypolicy stored in the setting information database 1605, using a securitypolicy included in the received setting information. Further, for asetting, other than the settings for the security policy, included inthe received setting information, the analysis unit 1602 also updatesthe setting value stored in the setting information database 1605. Atthis time, the setting value to be updated is that of a setting, otherthan the settings for the security policy, included in the settinginformation and is that of only a setting that does not violate thesecurity policy already stored in the setting information database 1605.Even in the case of a setting, other than the settings for the securitypolicy, included in the setting information received from the managementapparatus 101, if the setting value of the setting violates the securitypolicy, the setting value is ignored by the analysis unit 1602 whenupdating the setting information database 1605, and is not reflected.

A setting information management unit 1603 stores, in the settinginformation database 1605, various setting values of setting informationincluding the settings for a security policy, and reads the varioussetting values from the setting information database 1605. The settinginformation management unit 1603 stores the various setting values inthe setting information database 1605 according to the analysis unit1602.

A UI control unit 1606 provides a GUI for operating the device. The GUIis displayed on the operation panel 305 or displayed in a web browser(not illustrated) of another PC via a web server.

FIG. 17 is a flowchart illustrating processing in which each of thedevices 102 to 104 receives setting information. This processing isachieved by the CPU 301 of the device reading and executing a programregarding the processing recorded in the HDD 304.

In step S1701, the communication unit 1604 receives setting informationfrom the management apparatus 101. In step S1702, the analysis unit 1602confirms whether the setting information received in step S1701 isencrypted. If the setting information is encrypted (YES in step S1702),the processing proceeds to step S1703. If the setting information is notencrypted (NO in step S1702), the processing proceeds to step S1704.

At this time, as an example of a case where the setting informationreceived from the management apparatus 101 is encrypted, there is a casewhere the setting information exported once in the processing describedin FIG. 14 is distributed as it is to the devices 102 to 104.

In step S1703, the analysis unit 1602 receives an entry of a passwordfor decryption via a GUI displayed by the UI control unit 1606. At thistime, only if the entered password matches an encryption password set inthe setting information, the analysis unit 1602 decrypts the settinginformation received from the management apparatus 101.

In step S1704, the analysis unit 1602 determines whether a policypassword included in the setting information matches a policy passwordstored in the setting information database 1605. If the policy passwordsmatch (YES in step S1704), the processing proceeds to step S1705. If thepolicy passwords do not match (NO in step S1704), the processingproceeds to step S1706.

In step S1705, the analysis unit 1602 performs processing for updatingthe setting information database 1605, using setting values for asecurity policy included in the setting information received in stepS1701. More specifically, the analysis unit 1602 updates via the settinginformation management unit 1603 the setting values of setting items fora security policy stored in the setting information database 1605, usingthe setting values of the same items included in the received settinginformation. Further, among the setting items for the security policyincluded in the received setting information, a setting item that is notmanaged by the setting information database 1605 is ignored, and is notreflected.

In step S1706, the analysis unit 1602 determines whether processingregarding the setting values of setting items, other than those for thesecurity policy, included in the setting information received in stepS1701 is completed. If the above processing is not completed (NO in stepS1706), the processing proceeds to step S1707. If the above processingis completed (YES in step S1706), this processing is ended.

In step S1707, the analysis unit 1602 reads, as a target setting value,one of the setting values of the setting items, other than those for thesecurity policy, included in the setting information received in stepS1701 and determines the target setting value. More specifically, theanalysis unit 1602 determines whether the target setting value violatesthe security policy according to a setting value stored in the settinginformation database 1605. For example, if the received settinginformation includes a setting value indicating that FAX is used as acommunication method for an exception notification even though thetransmission and reception of a FAX is prohibited by the securitypolicy, it is determined that the setting value violates the securitypolicy. If the setting value violates the security policy (YES in stepS1707), the processing returns to step S1706. If the setting value doesnot violate the security policy (NO in step S1707), the processingproceeds to step S1708. Then, the analysis unit 1602 updates the settinginformation database 1605 using the target setting value via the settinginformation management unit 1603.

At this time, if the setting value violates the security policy based onthe determination of the analysis unit 1602 in step S1707, the settingvalue is not reflected in the setting information database 1605.

In the present exemplary embodiment, when the management apparatus givesan instruction to distribute setting information including a securitypolicy, the management apparatus sets a policy password for each device.Then, only if a policy password already managed by the distributiondestination device matches a password included in the distributedsetting information, a security policy of the device is updated. Withthis configuration, it is possible to easily distribute settinginformation including a security policy to a plurality of devices, whilepreventing a security policy of each device from being easily changed.

In a second exemplary embodiment of the present invention, an examplewill be described where the management apparatus 101 acquires settinginformation from a particular device for use as a backup or for reuse asdistribution data to be distributed to another device. At this time, themanagement apparatus 101 according to the present exemplary embodimentseparately stores and manages a security policy and a policy passwordincluded in the setting information. Then, when the security policy isto be distributed and if a predetermined condition is satisfied, themanaged policy password is reused to save the trouble of entering apassword, thereby improving convenience.

In the present exemplary embodiment, components similar to those of thefirst exemplary embodiment are designated by the same numerals and willnot be described in detail here. Only the differences from the firstexemplary embodiment will be described below.

FIG. 19 is a flowchart illustrating processing in which the managementapparatus 101 acquires setting information from any one of the devices102 to 104. This processing is achieved by the management apparatus 101executing the device management software 400.

In step S1901, the setting information acquisition unit 404 makes apredetermined request to the device to acquire setting information. Atthis time, the user can specify a necessary setting item in the requestto acquire setting information desired by the user.

FIG. 20 illustrates the setting information to be acquired from thedevice by the management apparatus 101. Basically, this information issimilar to the setting information illustrated in FIGS. 12A and 12B, andsmall differences will be described below.

An element 2001 represents the settings for a security policy. Thesecurity policy is held by the device, and therefore the ID and thepolicy name included in the element 1201 illustrated in FIGS. 12A and12B are not included in the element 2001. An element 2002 represents apolicy password. In this case, a password stored in the settinginformation database 1605 on the device side is set in the element 2002.An element 2003 represents the setting contents of the security policyand describes the setting value of each item for the current securitypolicy of the device. An element 2004 represents various pieces ofinformation of the device other than that for the security policy. Inthe example of FIG. 20, the element 2004 describes the device name, theserial number, and the model name. Similarly to FIGS. 12A and 12B, thesetting information illustrated in FIG. 20 may include various settings(not illustrated) other than those for the security policy and thedevice information, and address book information.

Next, in step S1902, the setting information management unit 403 newlycreates a security policy using setting values included in the acquiredsetting information and saves the created security policy in the settinginformation database 408. At this time, the policy name of the createdsecurity policy may be automatically set as, for example, “reusesecurity policy” provisionally to display a list of security policies ona setting screen of the management apparatus 101 as illustrated in FIG.9. A policy password is not set in a file of the created securitypolicy. That is, at this time, the security policy is managed using thepolicy name “reuse security policy” in a state where the policy passwordindicated in the element 2002 illustrated in FIG. 20 is deleted.

If the policy version indicated in the element 2001 illustrated in FIG.20 cannot be treated by (is unknown to) the management apparatus 101,the policy version of the security policy created in step S1902 is setto the latest one of policy versions that can be treated by themanagement apparatus 101. Further, among the contents of the securitypolicy described in the element 2003 in FIG. 20, a setting item thatcannot be treated by the management apparatus 101 is ignored.Conversely, if a setting item corresponding to an item included in thelatest policy version that can be treated by the management apparatus101 is not present in the element 2003 in FIG. 20, a predeterminedinitial value is set for the policy item.

In step S1903, the setting information acquisition unit 404 determineswhether a policy password is included in the acquired settinginformation. At this time, if a policy password is included (YES in stepS1903), the processing proceeds to step S1904. If a policy password isnot included (NO in step S1903), this processing is ended.

In step S1904, the setting information management unit 403 stores in thesetting information database 408 the policy password included in theacquired setting information. In the present exemplary embodiment, asillustrated in FIG. 21, the setting information database 408 managesidentification information of the acquisition source device and thepolicy password in association with the security policy (policy ID:P0003) created in step S1902.

In FIG. 21, for each of security policies indicated by the policy IDsP0001 and P0002, an acquisition source device ID is blank. Thisindicates that these security policies are not acquired from a device,but are created on a setting screen of the management apparatus 101.

FIG. 22 is a flowchart illustrating the flow of processing in which themanagement apparatus 101 distributes setting information to the devices102, 103, and 104. The processing illustrated in the flowchart in FIG.22 is performed by the device management software 400 of the managementapparatus 101. That is, the processing of the flowchart in FIG. 22 isachieved by the CPU 201 reading and executing a program recorded in theHDD 212. Processes similar to those in FIG. 8 are designated by the samenumerals and will not be described here.

In step S2201, similarly to step S804 in FIG. 8, the setting informationdistribution unit 405 determines whether policy password information ofthe target device is present in the device information database 409. Ifa policy password is present (YES in step S2201), the processingproceeds to step S805. If a policy password is not present (NO in stepS2201), the processing proceeds to step S2202.

In step S2202, the setting information management unit 403 determineswhether a policy password at the time of acquisition is managed by thesetting information database 408 in association with the security policyselected in step S801. If the policy password is managed (YES in stepS2202), the processing proceeds to step S2203. If the policy password isnot managed (NO in step S2202), the processing proceeds to step S806.

In step S2203, the setting information management unit 403 determineswhether the target device is the same as the acquisition source devicemanaged in association with the security policy selected in step S801.If the target device is the same as the acquisition source device (YESin step S2203), the processing proceeds to step S2204. If the targetdevice is not the same as the acquisition source device (NO in stepS2203), the processing proceeds to step S806.

In step S2204, the setting information management unit 403 reads andacquires from the setting information database 408 the policy passwordat the time of acquisition that has been confirmed in step S2202.

FIG. 23 illustrates an example of a screen for receiving an entry of apolicy password, which is displayed by the UI control unit 401 in stepS806 after the processing in FIG. 22. This is a modification example ofthe screen illustrated in FIG. 11B. This is an example of the case wherethe user has selected the above-described “reuse security policy” as thesecurity policy to be distributed. At this time, a “device A”, a “deviceB”, and a “device D” are selected as the distribution target devices.

In FIG. 23, the policy password read in step S805 and stored in thedevice information database 409 is entered in advance in a text box forthe device B. Further, the policy password at the time of acquisitionthat has been read in step S2204 and managed by the setting informationdatabase 408 is entered in advance in a text box for the device D.

The determination condition in step S2203 may be set to an appropriatecondition, taking into account the risk and convenience of reusing apassword, and is not limited to the condition illustrated in the presentexemplary embodiment. For example, the condition can be such that ifmodel information of the distribution target device is the same as modelinformation of the acquisition source device, the determination is“Yes”. Further, it is also possible to perform processing of, if apassword at the time of acquisition is managed (YES in step S2202),always using this password.

Embodiments of the present invention can also be realized by a computerof a system or apparatus that reads out and executes computer executableinstructions recorded on a storage medium (e.g., non-transitorycomputer-readable storage medium) to perform the functions of one ormore of the above-described embodiment(s) of the present invention, andby a method performed by the computer of the system or apparatus by, forexample, reading out and executing the computer executable instructionsfrom the storage medium to perform the functions of one or more of theabove-described embodiment(s). The computer may comprise one or more ofa central processing unit (CPU), micro processing unit (MPU), or othercircuitry, and may include a network of separate computers or separatecomputer processors. The computer executable instructions may beprovided to the computer, for example, from a network or the storagemedium. The storage medium may include, for example, one or more of ahard disk, a random-access memory (RAM), a read only memory (ROM), astorage of distributed computing systems, an optical disk (such as acompact disc (CD), digital versatile disc (DVD), or Blu-ray Disc (BD)™),a flash memory device, a memory card, and the like.

While the present invention has been described with reference toexemplary embodiments, it is to be understood that the invention is notlimited to the disclosed exemplary embodiments. The scope of thefollowing claims is to be accorded the broadest interpretation so as toencompass all such modifications and equivalent structures andfunctions.

What is claimed is:
 1. A system including a personal computer and animage forming apparatus having a printer engine, wherein the imageforming apparatus comprises a memory storing instructions and aprocessor which is capable of executing the instructions causing theimage forming apparatus to: manage a password for an administrator aboutsettings corresponding to functions of the image forming apparatus;receive a password via a web browser executed by the personal computerwhen an operation for the settings is performed; provide a settingscreen to the web browser, wherein whether processing using a UniversalSerial Bus (USB) interface is to be restricted, whether a function oftransmitting data to an outside by facsimile is to be restricted, andwhether a function of transferring data to the outside using a networkis to be restricted are designatable on the setting screen; and reflect,on the image forming apparatus, at least one of setting valuescorresponding to restriction of the processing using the USB interface,restriction of the function of transmitting data to the outside byfacsimile, and restriction of the function of transmitting data to theoutside using the network according to one or more designations via thesetting screen, wherein, when the password for the administrator hasbeen received from the web browser, the web browser is capable ofdesignating the restriction of the processing using the USB interface,the restriction of the function of transmitting data to the outside byfacsimile, and the restriction of the function of transmitting data tothe outside using the network via the setting screen.
 2. The systemaccording to claim 1, wherein in a case where menus corresponding to theprocessing using the USB interface, the function of transmitting data tothe outside by facsimile, and the function of transmitting data to theoutside using the network, respectively, are selected on an operationscreen of the image forming apparatus according to the reflection, theinstructions further cause the image forming apparatus to display amassage indicating that a function corresponding to the selection is notavailable.
 3. The system according to claim 1, wherein the function oftransmitting data to the outside using the network includes a functionof transmitting data by electronic mail.
 4. The system according toclaim 1, wherein the setting screen is provided to the web browser by aweb server of the image forming apparatus.
 5. A method for a systemincluding a personal computer and an image forming apparatus having aprinter engine, the method comprising: managing a password for anadministrator about settings corresponding to functions of the imageforming apparatus; receiving a password via a web browser executed bythe personal computer when an operation for the settings is performed;providing a setting screen to the web browser, wherein whetherprocessing using a Universal Serial Bus (USB) interface is to berestricted, whether a function of transmitting data to an outside byfacsimile is to be restricted, and whether a function of transferringdata to the outside using a network is to be restricted are designatableon the setting screen; and reflecting, on the image forming apparatus,at least one of setting values corresponding to restriction of theprocessing using the USB interface, restriction of the function oftransmitting data to the outside by facsimile, and restriction of thefunction of transmitting data to the outside using the network accordingto one or more designations via the setting screen, wherein, when thepassword for the administrator has been received from the web browser,the web browser is capable of designating the restriction of theprocessing using the USB interface, the restriction of the function oftransmitting data to the outside by facsimile, and the restriction ofthe function of transmitting data to the outside using the network viathe setting screen.
 6. An image forming apparatus which has a printerengine, comprising: a memory storing instructions; and a processor whichis capable of executing the instructions causing the image formingapparatus to: manage a password for an administrator about settingscorresponding to functions of the image forming apparatus; receive apassword via a web browser executed by a personal computer when anoperation for the settings is performed; provide a setting screen to theweb browser, wherein whether processing using a Universal Serial Bus(USB) interface is to be restricted, whether a function of transmittingdata to an outside by facsimile is to be restricted, and whether afunction of transferring data to the outside using a network is to berestricted are designatable on the setting screen; and reflect, on theimage forming apparatus, at least one of setting values corresponding torestriction of the processing using the USB interface, restriction ofthe function of transmitting data to the outside by facsimile, andrestriction of the function of transmitting data to the outside usingthe network according to one or more designations via the settingscreen, wherein, when the password for the administrator has beenreceived from the web browser, the web browser is capable of designatingthe restriction of the processing using the USB interface, therestriction of the function of transmitting data to the outside byfacsimile, and the restriction of the function of transmitting data tothe outside using the network via the setting screen.
 7. The imageforming apparatus according to claim 6, wherein in a case where menuscorresponding to the processing using the USB interface, the function oftransmitting data to the outside by facsimile, and the function oftransmitting data to the outside using the network, respectively, areselected on an operation screen of the image forming apparatus accordingto the reflection, the instructions further cause the image formingapparatus to display a massage indicating that a function correspondingto the selection is not available.
 8. The image forming apparatusaccording to claim 6, wherein the setting screen is provided to the webbrowser by a web server of the image forming apparatus.
 9. A method foran image forming apparatus which has a printer engine, the methodcomprising: managing a password for an administrator about settingscorresponding to functions of the image forming apparatus; receiving apassword via a web browser executed by a personal computer when anoperation for the settings is performed; providing a setting screen tothe web browser, wherein whether processing using a Universal Serial Bus(USB) interface is to be restricted, whether a function of transmittingdata to an outside by facsimile is to be restricted, and whether afunction of transferring data to the outside using a network is to berestricted are designatable on the setting screen; and reflecting, onthe image forming apparatus, at least one of setting valuescorresponding to restriction of the processing using the USB interface,restriction of the function of transmitting data to the outside byfacsimile, and restriction of the function of transmitting data to theoutside using the network according to one or more designations via thesetting screen, wherein, when the password for the administrator hasbeen received from the web browser, the web browser is capable ofdesignating the restriction of the processing using the USB interface,the restriction of the function of transmitting data to the outside byfacsimile, and the restriction of the function of transmitting data tothe outside using the network via the setting screen.
 10. The methodaccording to claim 9, further comprising displaying, in a case wheremenus corresponding to the processing using the USB interface, thefunction of transmitting data to the outside by facsimile, and thefunction of transmitting data to the outside using the network,respectively, are selected on an operation screen of the image formingapparatus according to the reflection, a massage indicating that afunction corresponding to the selection is not available.
 11. The methodaccording to claim 9, wherein the setting screen is provided to the webbrowser by a web server of the image forming apparatus.
 12. Anon-transitory computer readable storage medium on which is stored acomputer program for making a computer execute a method for an imageforming apparatus which has a printer engine, the method comprising:managing a password for an administrator about settings corresponding tofunctions of the image forming apparatus; receiving a password via a webbrowser executed by a personal computer when an operation for thesettings is performed; providing a setting screen to the web browser,wherein whether processing using a Universal Serial Bus (USB) interfaceis to be restricted, whether a function of transmitting data to anoutside by facsimile is to be restricted, and whether a function oftransferring data to the outside using a network is to be restricted aredesignatable on the setting screen; and reflecting, on the image formingapparatus, at least one of setting values corresponding to restrictionof the processing using the USB interface, restriction of the functionof transmitting data to the outside by facsimile, and restriction of thefunction of transmitting data to the outside using the network accordingto one or more designations via the setting screen, wherein, when thepassword for the administrator has been received from the web browser,the web browser is capable of designating the restriction of theprocessing using the USB interface, the restriction of the function oftransmitting data to the outside by facsimile, and the restriction ofthe function of transmitting data to the outside using the network viathe setting screen via the setting screen.